17fd72287032e5c3f39cf563c13f3b7f502f57f07118583d13eba993e6292059

Analysis

max time kernel
140s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 00:14

Target

59af9af06f5fb6204d1fc5a8e7e9581d_JaffaCakes118.dll
Size

1.6MB
MD5

59af9af06f5fb6204d1fc5a8e7e9581d
SHA1

8b9d61ee68d61177cd085b224a50bf2363127637
SHA256

17fd72287032e5c3f39cf563c13f3b7f502f57f07118583d13eba993e6292059
SHA512

f2df3115c70dbf29f91ae32da28cd4cf9e6c5784e4b30ce07f33261f9a57adf15e5383bce16b7655104991beca6350bdcf6d3ce255c4b07f2d1705dceaba1eba
SSDEEP

24576:NzsOEXGLG99e7fJFhTAAqhrkYvkLRkMtB9SnSgRfku865+8m9vLUU9b+N6uLSe9y:9hw6HS35+8tU9bYPTt9H0b4nc

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4168 wrote to memory of 3700	4168	rundll32.exe	84
PID 4168 wrote to memory of 3700	4168	rundll32.exe	84
PID 4168 wrote to memory of 3700	4168	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59af9af06f5fb6204d1fc5a8e7e9581d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4168
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\59af9af06f5fb6204d1fc5a8e7e9581d_JaffaCakes118.dll,#1
  2⤵
  PID:3700

memory/3700-0-0x0000000000400000-0x00000000005B4000-memory.dmp

Filesize
1.7MB

Download